fix(api): 400 на битое тело apply, маскирование internal-ошибок, лимит тела
This commit is contained in:
@@ -76,6 +76,41 @@ func TestApplyDefaultsPruneFalse(t *testing.T) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestApplyEmptyBodyOK(t *testing.T) {
|
||||||
|
a, m := newTestAPI()
|
||||||
|
router := NewRouter(a)
|
||||||
|
|
||||||
|
did := uuid.New().String()
|
||||||
|
req := httptest.NewRequest(http.MethodPost,
|
||||||
|
"/api/v1/projects/00000000-0000-0000-0000-000000000002/domains/"+did+"/apply", nil)
|
||||||
|
w := httptest.NewRecorder()
|
||||||
|
router.ServeHTTP(w, req)
|
||||||
|
|
||||||
|
if w.Code != http.StatusOK {
|
||||||
|
t.Fatalf("status %d body %s", w.Code, w.Body.String())
|
||||||
|
}
|
||||||
|
if m.lastReq.ApplyPrunes != false {
|
||||||
|
t.Fatalf("expected ApplyPrunes=false for empty body, got %+v", m.lastReq)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestApplyMalformedBody(t *testing.T) {
|
||||||
|
a, _ := newTestAPI()
|
||||||
|
router := NewRouter(a)
|
||||||
|
|
||||||
|
did := uuid.New().String()
|
||||||
|
body := `{"applyUpdates":`
|
||||||
|
req := httptest.NewRequest(http.MethodPost,
|
||||||
|
"/api/v1/projects/00000000-0000-0000-0000-000000000002/domains/"+did+"/apply",
|
||||||
|
strings.NewReader(body))
|
||||||
|
w := httptest.NewRecorder()
|
||||||
|
router.ServeHTTP(w, req)
|
||||||
|
|
||||||
|
if w.Code != http.StatusBadRequest {
|
||||||
|
t.Fatalf("expected 400 for malformed body, got %d body %s", w.Code, w.Body.String())
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
func TestApplyBadUUID(t *testing.T) {
|
func TestApplyBadUUID(t *testing.T) {
|
||||||
a, _ := newTestAPI()
|
a, _ := newTestAPI()
|
||||||
router := NewRouter(a)
|
router := NewRouter(a)
|
||||||
|
|||||||
@@ -2,6 +2,9 @@ package api
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
|
"errors"
|
||||||
|
"io"
|
||||||
|
"log"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
|
||||||
"github.com/go-chi/chi/v5"
|
"github.com/go-chi/chi/v5"
|
||||||
@@ -28,7 +31,8 @@ func (a *API) handleCheck(w http.ResponseWriter, r *http.Request) {
|
|||||||
}
|
}
|
||||||
cs, err := a.Svc.Check(r.Context(), did)
|
cs, err := a.Svc.Check(r.Context(), did)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
writeErr(w, http.StatusInternalServerError, err.Error())
|
log.Printf("api: check failed: %v", err)
|
||||||
|
writeErr(w, http.StatusInternalServerError, "internal error")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
writeJSON(w, http.StatusOK, toChangesetResponse(cs))
|
writeJSON(w, http.StatusOK, toChangesetResponse(cs))
|
||||||
@@ -42,14 +46,20 @@ func (a *API) handleApply(w http.ResponseWriter, r *http.Request) {
|
|||||||
}
|
}
|
||||||
var req applyRequest
|
var req applyRequest
|
||||||
if r.Body != nil {
|
if r.Body != nil {
|
||||||
// пустое тело допустимо → значения по умолчанию (prune=false)
|
r.Body = http.MaxBytesReader(w, r.Body, 1<<20) // 1 MiB
|
||||||
_ = json.NewDecoder(r.Body).Decode(&req)
|
// пустое тело допустимо → значения по умолчанию (prune=false);
|
||||||
|
// любая другая ошибка decode (битый JSON, неверные типы) → 400
|
||||||
|
if err := json.NewDecoder(r.Body).Decode(&req); err != nil && !errors.Is(err, io.EOF) {
|
||||||
|
writeErr(w, http.StatusBadRequest, "invalid request body")
|
||||||
|
return
|
||||||
|
}
|
||||||
}
|
}
|
||||||
cs, err := a.Svc.Apply(r.Context(), did, service.ApplyRequest{
|
cs, err := a.Svc.Apply(r.Context(), did, service.ApplyRequest{
|
||||||
ApplyUpdates: req.ApplyUpdates, ApplyPrunes: req.ApplyPrunes,
|
ApplyUpdates: req.ApplyUpdates, ApplyPrunes: req.ApplyPrunes,
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
writeErr(w, http.StatusInternalServerError, err.Error())
|
log.Printf("api: apply failed: %v", err)
|
||||||
|
writeErr(w, http.StatusInternalServerError, "internal error")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
writeJSON(w, http.StatusOK, toChangesetResponse(cs))
|
writeJSON(w, http.StatusOK, toChangesetResponse(cs))
|
||||||
|
|||||||
Reference in New Issue
Block a user